Microsoft updates Security Compliance Manager tool

Microsoft on Friday issued an update of its Security Compliance Manager tool, which helps IT pros set security policies for some Microsoft software.

The update improves over the initial release in April by including documentation and guidance materials within the tool, according to a Microsoft TechNet library article. Security Compliance Manager is a free Microsoft "solution accelerator" that works with Microsoft's System Center Configuration Manager 2007 management product. It's considered to be "the next evolution of the Microsoft Security Compliance Management Toolkit" series, the article explains.

The updated Security Compliance Manager can be downloaded here, along with release notes and a "Getting Started Guide" that Microsoft published in June. The tool runs on Windows 7 and Windows Vista Service Pack 2.

To customize security settings, IT pros can make copies of the baseline files and then modify the baseline settings. These customized settings can then be exported across the computing environment via Group Policy.

The tool offers a number of export formats, such as Excel, Group Policy objects, desired configuration management (DCM) packs or the Security Content Automation Protocol, according to TechNet. However, Microsoft's "Getting Started Guide" recommends the DCM format, which works with System Center Configuration Manager to help monitor the security baselines.

"The desired configuration management (DCM) feature of System Center Configuration Manager 2007 monitors server or client computers against a single or multiple security baselines," the Guide states. "To take advantage of this scanning feature, use the Security Compliance Manager to produce DCM configuration packs based on your security baselines."

In addition to enabling custom security settings, the tool can be used to check how closely an organization's existing security settings match up with Microsoft's best-practice recommendations.